a8aa68789be0cb145888ae11a9bb52e6_JaffaCakes118 | Triage

Sharing

General

Target

a8aa68789be0cb145888ae11a9bb52e6_JaffaCakes118
Size

100KB
MD5

a8aa68789be0cb145888ae11a9bb52e6
SHA1

34b526614467b7632d5b9f669163a843ae809476
SHA256

2eaf5845a7ded7b16ce421b176fb42ee942d51a7939e637831ee1ad1cdbed725
SHA512

3811e6671b52729c87acae95aee4ba7dda777d61ca4dcccfd259b764fbca462ff4be96badf14b6b2ffc7ce8a82afcdec912144ec7e188f36aa90248ab39efe79
SSDEEP

3072:11SzZ2TlIeD6JmKuz+FBjVPCM4hqPSpz:UZe+KcmKuz+7cMkqPS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8aa68789be0cb145888ae11a9bb52e6_JaffaCakes118

Files

a8aa68789be0cb145888ae11a9bb52e6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

5059513bebf5c9510f7a3cae60da54ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExA
SetConsoleCursorMode
GetCurrentThreadId
UnregisterWait
GlobalGetAtomNameW
CompareStringW
GetProcAddress
GetConsoleCommandHistoryLengthA
Heap32ListFirst

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Cookgbo
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 96KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ